sub_outside():
WS2_32.inet_ntoa
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
NTDLL.RtlFreeHeap
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
KERNEL32.GetVersionExA
KERNEL32.ExitProcess
|
sub_419E0B(0130):
KERNEL32.GetCPInfo
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_4046BC(0505):
" "
"-s"
"/s"
|
sub_418C1B(0635):
NTDLL.RtlGetLastWin32Error
|
sub_41AF3B(08d2):
"CONOUT$"
|
sub_40FE64(08e4):
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
|
sub_40F267(090a):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcessHeap
KERNEL32.InterlockedIncrement
"KERNEL32.DLL"
|
sub_4026D7(0947):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.GetSystemDirectoryA
"@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
"%s\\tmp-%i%i%i-%c%c%c.bat"
"w"
"%s"
|
sub_40A506(09bf):
"%d.%d.%d.%d"
"%s"
"%s"
"%s"
"%s"
|
sub_41A0B7(0c06):
KERNEL32.GetProcessHeap
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlGetLastWin32Error
|
sub_408B28(0c3d):
"ncacn_ip_tcp"
"50abc2a4-574d-40b3-9d66-ee4fd5fba076"
"["
"]"
|
sub_401C17(0f7b):
KERNEL32.GetModuleHandleA
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"Sandboxie"
"CreateToolhelp32Snapshot"
"kernel32.dll"
"Module32Next"
|
sub_403249(11a6):
WS2_32.recv
WS2_32.send
WS2_32.getpeername
WS2_32.gethostbyaddr
WS2_32.closesocket
"GET"
"Que?"
"HTTP/1.1 501 Not Implemented\r\nContent-L"...
"%s\\%s\\%s"
"%s\\%s\\%s%s"
"%s\\%s"
"Que?"
"HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
"±±ÆÀÔÙ"
"HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
"HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
|
sub_44BCAE(1218):
KERNEL32.GetModuleHandleA
|
sub_40393C(1433):
WS2_32.socket
WS2_32.closesocket
WS2_32.gethostbyname
WS2_32.htons
WS2_32.connect
"ÂÓÁÁ"
"%s %s\r\n"
"%s-%s"
"ÜÛÑÙ"
"ÇÁ×À"
"%s %s\r\n%s %s 0 0 :%s\r\n"
|
sub_4190F4(1716):
KERNEL32.MultiByteToWideChar
"USER32.DLL"
"MessageBoxA"
"GetActiveWindow"
"GetLastActivePopup"
"GetUserObjectInformationA"
"GetProcessWindowStation"
|
sub_40EABF(1b24):
KERNEL32.GetCPInfo
|
sub_40CA0C(1c1d):
KERNEL32.SetUnhandledExceptionFilter
|
sub_403C7D(1da2):
WS2_32.recv
WS2_32.closesocket
"\r\n"
"%s"
|
sub_417333(240f):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_40FADD(2585):
NTDLL.RtlAllocateHeap
|
sub_417C3F(2989):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetFileType
KERNEL32.CloseHandle
|
sub_40C58B(2daa):
NTDLL.RtlSizeHeap
|
sub_418A5A(34be):
NTDLL.RtlLeaveCriticalSection
|
sub_418F89(364e):
KERNEL32.MultiByteToWideChar
|
sub_40140A(3672):
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_40186E(3770):
KERNEL32.CloseHandle
|
sub_4017FD(3770):
KERNEL32.CloseHandle
|
sub_413B24(3aac):
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_402632(3b18):
KERNEL32.CreateProcessA
|
sub_411981(3dd1):
KERNEL32.GetModuleHandleA
"mscoree.dll"
"CorExitProcess"
|
sub_402A2D(42b3):
WS2_32.getsockname
"%d.%d.%d.%d"
|
sub_41AEE0(4634):
KERNEL32.GetModuleHandleA
"KERNEL32"
"IsProcessorFeaturePresent"
|
sub_41A564(4658):
"e+000"
|
sub_403718(478a):
"\r\n"
" "
"\r\n\r\n"
|
sub_41609C(4d78):
KERNEL32.GetStringTypeW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
|
sub_411E0F(4f5e):
NTDLL.RtlEnterCriticalSection
|
sub_411E61(4f5e):
NTDLL.RtlLeaveCriticalSection
|
sub_4099FF(5358):
KERNEL32.CloseHandle
"http://%s:%d/%s"
|
sub_40EF62(5886):
KERNEL32.InterlockedIncrement
|
sub_4143F6(58d9):
"pow"
"exp"
"exp"
"log10"
"log10"
"log"
"log"
"pow"
"pow"
"exp10"
|
sub_4038C8(59a3):
"ÜÛÑÙ"
"%s %s\r\n"
|
sub_40F8CA(5be9):
KERNEL32.GetProcessHeap
|
sub_409CC8(62e3):
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.closesocket
WS2_32.send
|
sub_41A26B(65eb):
NTDLL.RtlGetLastWin32Error
|
sub_418A7C(68c8):
NTDLL.RtlEnterCriticalSection
NTDLL.RtlLeaveCriticalSection
|
sub_402C36(69dd):
"192*"
"10.*"
"111.*"
"15.*"
"16.*"
"101*"
"110*"
"112*"
"11.*"
"172*"
|
sub_411E84(6a78):
"ccs="
"UTF-8"
"UTF-16LE"
"UNICODE"
|
sub_408525(6c31):
"list too long"
|
sub_401FC0(6c31):
"list too long"
|
sub_40EA45(705a):
KERNEL32.GetACP
|
sub_419FEC(71e5):
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
|
sub_416874(7249):
KERNEL32.GetModuleHandleA
KERNEL32.MultiByteToWideChar
NTDLL.RtlRestoreLastWin32Error
"kernel32.dll"
"InitializeCriticalSectionAndSpinCount"
|
sub_403F55(748c):
"%s"
" :"
" "
"ÂÛÜÕ"
"ÙÛÑÙ"
"ÂÀÛÄßÁÕ"
"ÂÝÜÕ"
"%s %s\r\n"
"±±ÆÀÔÙ"
"ØÝÛÜ"
"%s %s %s\r\n"
"001"
"ØÝÛÜ"
"ßÝÖ×"
"±±ÆÀÔÙ"
"%s %s %s\r\n%s %s %s\r\n"
"332"
" :"
"%s"
"!"
"332"
";"
|
sub_401000(76c4):
KERNEL32.GetCurrentProcessId
KERNEL32.GetModuleHandleA
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
"OpenThread"
"kernel32.dll"
"OpenProcess"
"CreateToolhelp32Snapshot"
"Process32First"
"Module32Next"
"Thread32Next"
"ReadProcessMemory"
"GetModuleFileNameExA"
"psapi.dll"
"SeDebugPrivilege"
"SeDebugPrivilege"
"System"
"±±ÆÀÔÙ"
"Bot Killed: %s"
|
sub_40E68F(7a5e):
KERNEL32.SetUnhandledExceptionFilter
|
sub_404E7F(7c8e):
KERNEL32.GetSystemDirectoryA
"ÞÆÑÛÁÛ"
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_40AAF3(7f6b):
"invalid string position"
|
sub_40F200(81f1):
KERNEL32.TlsGetValue
KERNEL32.TlsSetValue
|
sub_402BB7(824c):
KERNEL32.QueryPerformanceCounter
|
sub_416A1E(83d5):
NTDLL.RtlGetLastWin32Error
|
sub_4088D0(8478):
WININET.InternetOpenA
WININET.InternetOpenUrlA
KERNEL32.GetTickCount
WININET.InternetReadFile
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
"Mozilla/5.0"
"DL: Downloading %s to %s"
"Download %s (%i Bytes) finished in %i s"...
"Uninstalling"
"Failed; Bad Location."
"Failed Update"
"Error Executing"
"Executed: %s"
"Bad URL"
|
sub_40E817(87b5):
KERNEL32.GetCPInfo
|
sub_40A455(8861):
WS2_32.socket
WS2_32.htons
WS2_32.ioctlsocket
WS2_32.connect
WS2_32.select
WS2_32.closesocket
|
sub_402833(8f8b):
"RM"
"ÞÆÑÛÁÛ"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
"QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
|
sub_40EFE8(9237):
KERNEL32.InterlockedDecrement
|
sub_401B44(9762):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
"C:\\InsideTm"
|
sub_405231(9909):
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_4019F9(a203):
KERNEL32.GetTickCount
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_4030E2(a2bf):
WS2_32.accept
|
sub_403ECA(a60e):
WS2_32.send
|
sub_402E6D(a74d):
"%s"
"%s%X"
|
sub_416BBA(a83e):
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_40F4D7(a9bf):
KERNEL32.GetModuleHandleA
KERNEL32.TlsGetValue
KERNEL32.TlsAlloc
KERNEL32.TlsSetValue
KERNEL32.GetCurrentThreadId
"KERNEL32.DLL"
"FlsGetValue"
"FlsSetValue"
"FlsFree"
|
sub_414F0D(ac82):
KERNEL32.SetUnhandledExceptionFilter
|
sub_40D437(ad53):
NTDLL.RtlAllocateHeap
|
sub_414EEC(add8):
KERNEL32.SetUnhandledExceptionFilter
|
sub_404FE1(b029):
KERNEL32.GetSystemDirectoryA
"ÞÆÑÛÁÛ"
"%s\\%s"
"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
|
sub_414BB6(b143):
KERNEL32.GetModuleFileNameA
"C:\\m_unpacker\\packed.exe"
|
sub_40158F(b7dc):
"SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
"%s\\%s"
"EventMessageFile"
|
sub_402D40(bc52):
KERNEL32.GetTickCount
|
sub_402AAB(bd69):
KERNEL32.GetVersionExA
"VIS"
"2K3"
"XP"
"2K"
"ME"
"98"
"NT"
"95"
"UNK"
|
sub_40312D(c0d5):
KERNEL32.GetSystemDirectoryA
WS2_32.socket
WS2_32.closesocket
WS2_32.htons
WS2_32.bind
WS2_32.WSAAsyncSelect
WS2_32.listen
"%s\\%s"
|
sub_40F9F7(c36e):
NTDLL.RtlEnterCriticalSection
|
sub_414DEC(c391):
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.QueryPerformanceCounter
|
sub_401ACE(c47f):
"oxrIHYbuYGFrDgAT"
"oxrIHYbuYGFrDgAT"
"%s%c"
|
sub_40300B(c642):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
" "
|
sub_40F91F(c70d):
NTDLL.RtlLeaveCriticalSection
|
sub_412464(ca1e):
KERNEL32.GetFileType
KERNEL32.GetStdHandle
KERNEL32.LockResource
|
sub_4081DD(ca6e):
WS2_32.socket
WS2_32.setsockopt
WS2_32.htons
WS2_32.bind
WS2_32.closesocket
WS2_32.select
WS2_32.recvfrom
|
sub_4049E1(cc56):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
KERNEL32.CopyFileA
KERNEL32.GetVersionExA
WS2_32.WSAStartup
WS2_32.WSACleanup
"--fu "
"%s\\%s"
"%s %s%s"
"%s"
"ÞÆÑÛÁÛ"
"RM"
"C:\\gfccx.exe"
"http://marvmozlinwildlife.com/gfxdrvr.e"...
"http://marvmozlinwildlife.com/sp2.exe"
|
sub_4023EB(cd19):
WS2_32.socket
WS2_32.htons
WS2_32.inet_addr
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"NT LAN Manager *.*"
"Windows 2000 LAN Manager*"
"Windows 5.0"
"Windows 5.1"
"Windows Server 2003 *"
|
sub_4136C1(cd6e):
KERNEL32.GetModuleFileNameA
KERNEL32.GetStdHandle
"Runtime Error!\n\nProgram: "
""
"..."
"\n\n"
"Microsoft Visual C++ Runtime Library"
|
sub_414C6F(ced3):
KERNEL32.GetEnvironmentStringsW
NTDLL.RtlGetLastWin32Error
KERNEL32.WideCharToMultiByte
KERNEL32.FreeEnvironmentStringsW
|
sub_40E9A1(d02f):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_417602(d327):
NTDLL.RtlAllocateHeap
|
sub_411DE0(d432):
NTDLL.RtlEnterCriticalSection
|
sub_411E32(d432):
NTDLL.RtlLeaveCriticalSection
|
sub_415CB7(d5b0):
KERNEL32.LCMapStringW
NTDLL.RtlGetLastWin32Error
KERNEL32.MultiByteToWideChar
KERNEL32.WideCharToMultiByte
|
sub_40EC6A(d858):
KERNEL32.InterlockedDecrement
KERNEL32.InterlockedIncrement
|
sub_407F60(dd03):
KERNEL32.GetModuleHandleA
KERNEL32.GetModuleFileNameA
|
sub_4037AC(df11):
"%x"
|
sub_4189BA(e051):
NTDLL.RtlEnterCriticalSection
|
sub_40F3B6(e07f):
KERNEL32.InterlockedDecrement
|
sub_41AF5A(e22c):
KERNEL32.CloseHandle
|
sub_403DB4(e37d):
WS2_32.send
"ÂÀÛÄßÁÕ"
"%s %s %s\r\n"
|
sub_417720(e37e):
NTDLL.RtlAllocateHeap
|
sub_41C5C1(e396):
"1#SNAN"
"1#IND"
"1#INF"
"1#QNAN"
|
sub_40F128(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_40F194(e3a2):
KERNEL32.TlsGetValue
KERNEL32.GetModuleHandleA
"KERNEL32.DLL"
|
sub_40196D(e436):
NTDLL.RtlGetLastWin32Error
|
sub_40FA83(e479):
KERNEL32.HeapCreate
|
sub_412126(e48e):
NTDLL.RtlEnterCriticalSection
|
sub_40176E(e5e3):
KERNEL32.CloseHandle
|
sub_419CD1(e6d5):
KERNEL32.SetUnhandledExceptionFilter
|
sub_404844(e85c):
KERNEL32.GetTickCount
"qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
"["
"%s%s|"
"%sP|"
"%s0%I64u|"
"%s%I64u|"
"%s%c"
"%s]"
|
sub_401BBC(ec54):
"GetWindowLongA"
"user32"
|
sub_40F1F7(ef17):
KERNEL32.TlsAlloc
|
sub_40F31B(efa1):
NTDLL.RtlGetLastWin32Error
KERNEL32.TlsGetValue
KERNEL32.GetCurrentThreadId
NTDLL.RtlRestoreLastWin32Error
|
sub_4760A2(f2f2):
KERNEL32.GetModuleHandleA
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
|
sub_407FE4(f6f0):
WS2_32.socket
WS2_32.htons
WS2_32.sendto
WS2_32.recvfrom
WS2_32.inet_ntoa
WS2_32.closesocket
"±±ÆÀÔÙ"
"TFTP: Send Complete To %s. %d Total Sen"...
|
sub_40FB50(f7b2):
KERNEL32.TlsSetValue
NTDLL.RtlFreeHeap
|
sub_4126D1(fb55):
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
|
sub_47615A(fbf5):
USER32.MessageBoxA
KERNEL32.ExitProcess
|
sub_408CC5(fdf1):
WS2_32.inet_ntoa
WS2_32.htons
WS2_32.socket
WS2_32.connect
WS2_32.send
WS2_32.recv
WS2_32.closesocket
"http://%s:%d/%s"
"\\)\\L\\á\\w"
"\\8\\\a\\Ò\\w"
|